Stage and launch a malicious Excel document
Stages and opens a macro-enabled Excel document. The macro loads Operator network config facts from a previously staged file, then executes mshta.exe to run a malicious HTA file hosted on Operator. The HTA then downloads and executes a seconardy Pneuma agent.
To view this TTPs command, you must be logged in with a professional or enterprise license.Login
Test this TTP
Download Operator (1.7.1)